NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0377:  Tests for MDM unique certificates

Publication Date
2018.12.12

Protection Profiles
EP_MDM_AGENT_V3.0, PP_MDM_V3.0

Other References
FIA_X509_EXT.2.3

Issue Description

The test for FIA_X509_EXT.2.3 in PP_MDM_V3.0 currently requires a unique certificate for each device and does not allow for the possibility that the MD Agent may not allow certificates to be loaded.

Resolution

FIA_X509_EXT.2.3 in PP_MDM_V3.0 shall be modified as follows, with modifications marked with underlines:

 FIA_X509_EXT.2.3   The [selection: TSF, TOE platform] shall require a unique certificate for each client device.

 Application Note:    Each client device will have a unique X.509v3 certificate for use by the MDM Agent; the certificate is not to be reused among clients. This requirement is to ensure that the

MDM Server either provides a unique certificate or verifies that each client certificate is unique.

 

Assurance Activity

 TSS

 If "invoke platform-provided functionality" is selected, the evaluator shall examine the TSS of the MDM Server's ST to verify that it describes (for each supported platform) how this functionality is invoked (it should be noted that this may be through a mechanism that is not implemented by the MDM Server; nonetheless, that mechanism will be identified in the TSS as part of this evaluation activity).

If "implement functionality" is selected then the evaluator shall examine the TSS to verify that it describes the methods to ensure that each client utilizes a unique certificate.

 Tests

 For each MDM Agent/platform listed as supported in the ST:

 The evaluator shall utilize appropriate combinations of specialized operational environment and development tools (debuggers, simulators, etc.) for the TOE and instrumented TOE builds as needed to perform this test.

 One of the following tests must be performed depending on if the MDM agent allows for the loading of certificates.

  • Test 1: [conditional]: If the MDM agent allows for the loading of certificates:
    The evaluator shall initiate communications between the MDM Server and a client device over a trusted channel established using the device's unique certificate, verifying that a successful communication channel was established. The evaluator shall then attempt to initiate communications between the MDM Server and a second client device over a trusted channel established using the unique certificate from the first device, verifying that the MDM Server rejects this attempt at communication.
  • Test 2: [conditional]: If the MDM agent does not allow for the loading of certificates:
    The evaluator shall concurrently enroll 10 devices and ensure that the client certificate for each is unique, per the methods described in the TSS
    .

 

Justification

See issue description.

 
 
Site Map              Contact Us              Home